Mac OS X Sandbox Security Hole Uncovered
Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."
Apple recently announced they were pushing back the requirement for sandboxing; originally the requirement was November. Maybe this is why.
"I use a Mac because I'm just better than you are."
> Yes, the no-network profile only prevents network access.
1. no-network profile does *not* prevent network access; see PoC [1].
2. The concept itself is broken, a sandbox which *only* prevents network access is completely useless. As a result network access is available to sandboxed applications.
[1] http://www.coresecurity.com/content/apple-osx-sandbox-bypass
This will not happen. I see this bullshit paranoia all the time. The Mac will NOT be app-store only. However, if you CHOOSE to run app store only apps, you get sandboxed, vetted apps from a trusted vendor. Windows 8 is going the same way.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
This is a fake story about a fake hole. The "vulnerability" is that some sandbox profile, called "no-network", which isn't part of App Sandbox (a totally different sandbox technology, that will be required for apps on March 2012), but rather part of the legacy sandbox technology that was unused by 3rd party developers, only prevents network access. Yes, the no-network profile only prevents network access.
It's sad what's happened to Core Security in the past year or so.
No, it's not a fake vulnerability. You should read the report (RTFR?).
The vulnerability is about how Apple events can be used to bypass the sandboxing of an application, and in this particular case to gain unrestrained network access even though the app is tagged as "no-network". According to the report it can be used to bypass other restrictions too.
diegoT
Steam can't run in a sandbox, so Apple can lock them out if they move to more of an app store only system.
...and the same is true of MS Office, Adobe CS, Parallels/VMWare etc. So maybe, just maybe, Apple isn't going to lock down OS X until people are no longer buying Macs to run those applications.
Sure they could decide to go this way - in which case I could feed a Linux or Windows disc in my Mac and give Apple up as a bad job. Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that let you choose which OS to run.
OTOH the App Store could develop as somewhere that it was safe for a non-Admin account (Grandad, kids, mere employees) to install software from. The whole system wouldn't need to be locked down.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
No. You don't have to trash your Mac. OS X 10.5.8, Leopard, has the following useful characteristics:
1) it allows 64-bit data, so apps written for it can process massive data sets when used with 64-bit capable processors;
2) it comes on optical media, and is both easily installed and duplicated;
3) it is beginning to receive support from the user community (as opposed to Apple) for the bugs Apple left in it; (console messages in error with cron operations, anyone? -- not anymore)
4) it supports a wider range of available drivers than either Snow Leopard or Lion (or presumably, any of their successors);
5) it supports PPC emulation, consequently doesn't obsolete all those years of software, as does Lion;
6) Apple updates for Leopard that don't implement the problems of Snow Leopard and Lion are available as files;
7) Most responsible developers still support Leopard (it's still used by ~30% of the installed base)
8) The more people use Leopard, the healthier the OS X software community will be
9) No sandboxing -- straight up access according to user permissions. Terrific resistance to non-privileged exploits; the usual vulnerabilities if you're gullible enough to install malware and give it access.
10) Available for PPC, so entire spectrum of Macs for many years are usable and available as a market. If it ain't broke... don't stop supporting it.
Speaking as a developer, my company is aiming straight at, and developing under, Leopard; though we do test under Snow Leopard and Lion. It's a shame to have to give up some of the APIs we could otherwise use (no one here is interested in implementing features that only work under later OS versions), but clearly it's the right thing to do: unlike Apple, we're not inclined to leave users behind, which is the philosophy that clearly underlies 10.6 and later.
Leopard is kind of like Apple's version of XP, except without the built-in obsolescence of "activation." It'll work natively for many, many years yet and with the advent of VMs, probably decades after that. It is easily "Hackintoshable." And in the meantime, if enough people drag their feet, maybe even Apple can be made to "get the message" that it isn't OS X that needs to move in the direction of IOS... it's IOS that needs to move in the direction of OS X. You know, things like nested folders, apps that can work filesystem-wide, etc.
I've fallen off your lawn, and I can't get up.
Customers were used to using drivers for scanners, etc.; Apple took that away (effectively taking away the supported hardware) in Snow Leopard by breaking tons of them -- and never going back to fix them.
That's a third party problem, they need to support their own devices.
Customers were used to being able to run the PPC apps they had spent many dollars on... Apple took that away in Lion.
After they licensed very expensive software (Rosetta) to give you years to wean yourself off of PPC. I find it hard to imagine another OS vendor expending that much effort to do a seamless transition, even Bill Gates was impressed they pulled the Intel switch off as seamlessly as Apple did. Ungrateful much?
Customers have been used to apps (oh, I dunno, like Photoshop?) that were part of a system of apps that worked with their data, and Apple's taking that away within the bounds of the app store... and you think it's unlikely that this policy will spread outside the store?
Yes, they're not going to piss off a sizeable part of their customer base by making it impossible to run Photoshop or other Pro apps.
Buddy, Apple does what it wants -- they are *famous* for doing "teh stupidz" -- folders that don't nest under IOS, "wifi sync" that doesn't work under Leopard, a 4-year old native OS, while it does under XP, a ten year old non-native OS, they break the living hell out of IOS apps with just about every "upgrade", forcing developers to put up Yet Another Version of their app to correct for the incompatibilities...
Nested folders are a bad idea. People don't get nested hierarchies, spend some time watching non-geeks use computers and you'll see.
Leopard is down to 22% market share, XP only just dipped below 50% this summer. There's a vast amount of XP machines out there, so unfortunately Apple should expend the effort to support them.
iOS is a platform that's developing at an enormous pace because mobile is so competitive and fast evolving. Change or get left behind is the name of the game, accumulating backwards compatibility cruft à la Windows would be deadly. That said I have not heard many complaints about breakages.
When your reasoning depends upon Apple doing things because customers have expectations, your reasoning is no better than a random guess. Apple makes roadmaps, has "visions", and then aims at them. Up until Leopard and IOS4, they were doing pretty well at hitting the target, though of course everyone wanted more. 10.6 and later, IOS5... these are huge bags of fail from several perspectives, most especially from the one you're using to make your assertion: Apple doesn't aim at keeping customers' expectations static.
You obviously don't like iOS5 and Lion. There are a lot of us who would beg to differ.
If all else fails, immortality can always be assured by spectacular error.